I Am IronKey, and I Can Encrypt Anything

The IronKey USB flash drive is one of the most secure devices I've ever worked with, but simultaneously tries to be--and achieves being--among the simplest to interact with in achieving that security. The product, from the eponymous company IronKey, comes in capacities from 1 GB to 8 GB that encrypts data five ways to Sunday while achieving government certification as tamper evident. A secured, anonymized version of Firefox is also onboard. Prices start at $79 including a one-year subscription for anonymous browsing; an 8 GB drive is $299.

You use an encrypted flash drive to ensure that your own computers or a computer you might need to work on retains none of the data you're working with. Some people keep their mail stores on flash drives; others have working sets of applications cached. There are dozens upon dozens of flash drives that offer encryption out there, but you only have to scrape a little beneath the surface--and not too much, because you don't want to trigger its anti-tamper technology--to find a host of differences.

For starters, there's hardware AES encryption on board the sleek metal drive: there's no software to install on a host computer, and all encryption happens within the drive. This dramatically improves the security profile. Encryption keys are stored only on the drive, and only unlocked when a password you create at the time you initialize the drive is entered. (IronKey lets you back that password up on their secure Web servers with additional layers of authentication in case you forget it; accessing your account requires a digital certificate stored on the IronKey.)

Enter the password incorrectly 10 times, and the hardware fries itself. Likewise, if an IronKey is physically tampered with in an attempt to access the on-board flash memory directly, the hardware wipes memory as well. Their tamper-resistance has led to FIPS 140-2 Level 2 validation by the U.S. and Canadian governments--physical tampering must be evident--and they're working on Level 3, which requires countermeasures to attempts to disassemble the hardware.

This would all be fancy marketing points except that the IronKey seems to deliver in my testing. You plug it in. You enter a password. It does its thing. IronKey should be simple enough to use without information technology (IT) staff support, although the company sells an enterprise flavor designed to be managed by IT folk.

A password manager that's integrated into Firefox takes the oompf out of keylogging software by using a workaround to enter your Web data, making it possible to use a cafe or Kinko's PC without worrying about having your details snarfed. IronKey's version of Firefox also stores no temporary files on the host computer, and uses a secure proxy to tunnel browsing to its anonymized endpoints.

Ultimately, IronKey's chief marketing officer told me, as flash drive capacity hits 64 GB, they expect that you'll be carrying around an entire secured computer on a flash drive, and plug it in to a very thin PC to boot and operate without storing any information on the host. One step further puts the entire computer on the drive, relying on a host machine for display, peripherals, and networking only. Think of it as BYOEE: Bring Your Own Encrypted Environment.